Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-21 Thread Matt .
Hi Flo, Yes it does! Thanks for that. Is it not possible to remove a certificate fully as it always syncs this way ? Or remove it from /etc/httpd/alias, then from ldap and then sync again ? Cheers, Matt 2017-02-21 9:03 GMT+01:00 Florence Blanc-Renaud : > On 02/20/2017 04:09

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-21 Thread Florence Blanc-Renaud
On 02/20/2017 04:09 PM, Matt . wrote: Hi Rob, Yes it does, I understood that there was some reason the duplicate might exist, but I wonder more why does the RootCA show up when I removed it and comes back after adding the two intermediates ? Hi Matt, when ipa-cacert-manage install is run, it

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-20 Thread Matt .
Hi Rob, Yes it does, I understood that there was some reason the duplicate might exist, but I wonder more why does the RootCA show up when I removed it and comes back after adding the two intermediates ? Thanks Matt 2017-02-20 15:20 GMT+01:00 Rob Crittenden : > Matt .

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-20 Thread Rob Crittenden
Matt . wrote: > Hi, > > The install seems to be OK this way, but I'm still confused about the > duplicated and the RootCA. What does this show? #3 certutil -L -d /etc/httpd/alias -n COMODORSAAddTrustCA I'm guessing it will show two certs with different serial numbers, which means this is a-ok.

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-20 Thread Matt .
Hi, The install seems to be OK this way, but I'm still confused about the duplicated and the RootCA. Cheers, Matt 2017-02-18 14:47 GMT+01:00 Matt . : > Hi Florance, > > > I'm actually stil investigating this as the following occurs. > > I have removed all unneeded certs

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-16 Thread Matt .
Hi Flo, Sure I can, I will look through the steps closely tomorrow and will create some lineup here. Cheers, Matt 2017-02-16 23:55 GMT+01:00 Florence Blanc-Renaud : > On 02/16/2017 09:55 PM, Matt . wrote: >> >> Hi Flo! (if I may call you like that, saves some characters in

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-16 Thread Florence Blanc-Renaud
On 02/16/2017 09:55 PM, Matt . wrote: Hi Flo! (if I may call you like that, saves some characters in typing but with this extra line it doesn't anymore :)) This works perfectly, thank you very much. Hi Matt, glad I could help. What did you do differently that could explain the failure,

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-16 Thread Matt .
Hi Flo! (if I may call you like that, saves some characters in typing but with this extra line it doesn't anymore :)) This works perfectly, thank you very much. No questions further actually :) Cheers, Matt 2017-02-16 11:17 GMT+01:00 Florence Blanc-Renaud : > On 02/15/2017

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-16 Thread Florence Blanc-Renaud
On 02/15/2017 05:40 PM, Matt . wrote: Hi, Is there any update on this ? I need to install 3 other instances but I would like to know upfront if it might be a bug. Hi Matt, I was not able to reproduce your issue. Here were my steps: Install FreeIPA with self-signed cert: ipa-server-install

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-15 Thread Matt .
Hi, Is there any update on this ? I need to install 3 other instances but I would like to know upfront if it might be a bug. Thanks, Matt 2017-02-14 17:59 GMT+01:00 Matt . : > Hi Florance, > > Sure I can, here you go: > > Fedora 24 > Freeipa VERSION: 4.4.2, API_VERSION:

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-14 Thread Matt .
Certs are valid, I will check what you mentioned. I'm also no fan of bundles, more the seperate files but this doesn't seem to work always. At least for the CAroot a bundle was required. Matt 2017-02-14 14:51 GMT+01:00 Sullivan, Daniel [CRI] : > Have you validated

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-14 Thread Matt .
Hi Dan, Ues i have tried that and I get the message that it misses the full chain for the certificate. My issue is more, why is the Server-Cert being removed on a certupdate ? Cheers, Matt 2017-02-14 2:18 GMT+01:00 Sullivan, Daniel [CRI] : > Is the chain in

Re: [Freeipa-users] Cannot install 3rd party certificate

2017-02-13 Thread Sullivan, Daniel [CRI]
Is the chain in mydomain_com_bundle.crt? Have you tried it with the cert only (disclaimer: I’ve never done this). Dan > On Feb 13, 2017, at 4:08 PM, Matt . wrote: > > Hi Guys, > > I'm trying to install a 3rd party certificate using: > >

[Freeipa-users] Cannot install 3rd party certificate

2017-02-13 Thread Matt .
Hi Guys, I'm trying to install a 3rd party certificate using: http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP#Procedure_in_current_IPA When I run the install command for the certificate itself: ]# ipa-server-certinstall -w -d mydomain_com.key mydomain_com_bundle.crt